Vtiger CRM could allow a remote attacker to bypass security restrictions, caused by an error in the forgotPassword.php script. An attacker could exploit this vulnerability to modify the password of any user.